How Obamacare's 'privacy nightmare' database really works

When shoppers apply for health insurance through the forthcoming state-based Obamacare exchanges, the online system will verify each applicant's information by pulling in data from more than half a dozen federal agencies ranging from the IRS to the Peace Corps. It will know who you are, how much money you make, and whether or not you're in the United States legally.

The prospect of one online system having access to so much personal information is making some watchdogs nervous. In a USA Today op-ed decrying the system as a "privacy nightmare," researchers Stephen Parente and Paul Howard penned these scary words: "This hub will achieve what has, until now, only appeared in pulp thrillers: a central database linking critical state and federal data on every U.S. citizen for real-time access."

The U.S. Department of Health and Human Services, the agency responsible for building the federal "data hub" underpinning the new network of state-based exchanges, says the reality is less Orwellian. For one thing, the system will only be able to access information on those who actually apply for health insurance coverage -- there's no vast database storing information on everyone who might be eligible.

In fact, there's no database at all. The data hub is designed to operate as a middleman, reaching out to seven different federal agencies to view information about those seeking coverage. Each of those agencies is responsible for maintaining and securing its own data -- and many of them already make this kind of information available to a wide variety of online systems.

For instance, the HHS hub will be using data from the Internal Revenue Service to confirm the income information that applicants submit. That sounds risky: Your tax information will be available online, where skilled hackers could theoretically get access to it. But guess what? It already is. The IRS currently provides access to tax-return information over the Internet to nearly 300 federal and state agencies.

Likewise, the Department of Homeland Security will be verifying the citizenship status of Obamacare applicants in real time with an existing online system called SAVE (Systematic Alien Verification for Entitlements).

A congressional subcommittee last week summoned officials from the IRS, HHS and other agencies to a hearing investigating the privacy and security implications of the systems they're building and leveraging to support Obamacare. Those systems will need to be operational less than three months from now, on October 1, when all 50 of the new state-based exchanges are scheduled to open for enrollment. (Coverage will kick in on Jan. 1, 2014.)

At the hearing, agency officials emphasized that the government routinely stores and shares personal information electronically, and has extensive safeguards in place. IRS official Daniel Werfel said in written testimony that all agencies with access to tax return data must comply with lengthy technical requirements for protecting tax filers' personal information.

• Department of Defense, Department of Veterans Affairs, Office of Personnel Management and Peace Corps: checks to see if the applicant is enrolled in health care programs run by these departments

Building this data hub isn't cheap: HHS is paying more than $55 million to Quality Software Services Inc. (a unit of United Healthcare), the contractor it hired to create the system. The project is on track to launch on time: A recent Government Accountability Office audit found that the data hub has hit its scheduled deadlines so far; HHS officials say they're confident they'll be ready to launch by October.

Critics say they'll be watching to see if this plays out as smoothly as the government promises it will.

Parente, a University of Minnesota finance professor who co-authored the USA Today op-ed, says he's somewhat reassured by the system's design -- most information will simply pass through, without being retained. But he remains wary about the information that will be stored -- particularly considering how long the information can be kept. Recent regulations call for the data to be stored for up to 10 years in some cases. Parente thinks that's excessive and he worries about the information being stolen or misused.

Rep. Patrick Meehan, a Republican from Pennsylvania, said he thinks the data trove could "place targets on every American who enters the exchange" and become a magnet for identity thieves.

"I have grave concerns about the ability to establish sufficient security in this massive, unprecedented network by October 1st, when our most secure networks are breached every day," he said at last week's hearing.